wordpress blog stats
Connect with us

Hi, what are you looking for?

Amazon’s Twitch hit by massive data breach, entire source code and user payout info leaked

Data leaked from the live streaming platform which has not been very forthcoming in its operational details, is 125GB in size.

Amazon-owned Twitch has suffered a massive data breach that has resulted in the leak of its entire source code and user payout information, Video Games Chronicle (VGC) reported on October 6 based on data shared by an anonymous hacker.

“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this,” Twitch tweeted Wednesday evening. “We will update the community as soon as additional information is available,” the company said.

Update (8 Oct, 8:30 am): Twitch said that the breach was due to an error in a Twitch server configuration change. The company also said that login details and full credit card numbers were not exposed.

Twitch is a live streaming e-sports platform with over 30 million average daily visitors where gamers broadcast themselves playing video games.

MediaNama has reached out to Amazon India to understand the impact of the breach on Indian users and we will update this report when we get a response.

What data has been leaked so far?

According to VGC, the leaked data is 125GB in size and consists of the following data:

Advertisement. Scroll to continue reading.
  • The entirety of Twitch’s source code with commit history
  • Creator payout reports from 2019 until now, including how much popular streamers earned on the platform (81 Twitch streamers have been paid more than $1 million by Twitch since August 2019, the report stated).
  • Mobile, desktop, and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools, which are tools designed to improve security by having staff pretend to be hackers, the report said

VGC said that the leaked data was publicly available on 4chan for download, but the thread has since been removed and MediaNama wasn’t able to independently confirm the contents of the leak. 

Screenshot of 4chan thread with the leaked data. Source: ArsTechnica

“Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE,” the hacker said. The hacker also said that this is “part one” suggesting that there is more to come.

Ramifications of the leak

The hacker claims to have leaked this data to “foster more disruption and competition in the online video streaming space” because Twitch’s community is a “disgusting toxic cesspool.”

Twitch famously fiercely guards operational details such as how much its streamers are paid, so this looks extremely embarrassing for the company. And it comes at a time when competitors such as YouTube Gaming are offering huge salaries to snap up gaming talent, so the fallout could be significant. — Cyber reporter Joe Tidy for BBC

Platformer’s Casey Newton spoke to Twitch engineers to understand how this leak could have happened and found out that “Twitch had a notoriously lax approach to internal security.” He found “the company did not develop an effective model to counter internal threats” and “every engineer could clone every code repository, making it possible for someone to essentially copy and paste the entire code base.”

With the code base out in the wild now, Twitch’s real problems are only beginning. With the leaked files, a motivated hacker could install an instance of Twitch on their local server, and then attempt to reverse-engineer exploits from what they find. — Newton

Also Read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ